Today I had enough from those script kiddies trying to break into one of my boxes by brute forcing SSH passwords. So I googled a bit and found fail2ban from the homepage:
Fail2Ban scans log files and bans IP that makes too many password failures. It updates firewall rules to reject the IP address.
Of course still better would be to disallow all authentication methods but key-files. Another approach to solve this problem may be portknocking.